Test: /tests/basic/bug79699.phpt - Version 7.3.33 
| Security #79699 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | ||||
|---|---|---|---|---|---|
| Submitted: | 2020-06-14 19:37:08 | Modified: | 2020-09-29 06:12:51 | ||
| From: | fletchto99 | Assigned: | stas | ||
| Status: | Closed | Package: | HTTP related | ||
| PHP Version: | 7.4.7 | OS: | macOS (but should affect any) | ||
There is 1 diff reported by users for this test.
| Count | Diff |
|---|---|
4 (100%) |
001+ Fatal error: The cgi-fcgi SAPI is not supported by pthreads in Unknown on line 0
002+
003+ Fatal error: Unable to start pthreads module in Unknown on line 0
001- array(4) {
002- ["__%48ost-evil"]=>
003- string(4) "evil"
004- ["__Host-evil"]=>
005- string(4) "good"
006- ["%66oo"]=>
007- string(3) "baz"
008- ["foo"]=>
009- string(3) "bar"
010- }
|